Ukrainian cyber operatives disrupt Russian banking payment system, intelligence source says
Ukraine’s military intelligence (HUR) disabled Russia’s SPB fast payment system, which is used to transfer funds supporting the war in Ukraine, a source in the agency told the Kyiv Independent on Sept. 25.
A distributed denial-of-service (DDoS) attack on SPB and the telecom provider Transtelekom on Sept. 24 allegedly disrupted instant transfers and online payments for many users.
The outage was reflected on Downdetector, an online platform that tracks service disruptions, which recorded a spike in SPB network issues between 7:00 and 11:00 a.m. local time.
Transtelekom acknowledged the disruption in an official statement the same day, citing "reasons beyond (its) control" for the service outage.
Meanwhile, local Telegram channels in the Russian city of Yekaterinburg reported that public transport passengers were unable to pay fares using QR codes due to a DDoS attack targeting the National Payment Card System (NSPK).
In addition to transport payment failures, users were also reportedly unable to complete transactions at gas stations, according to the source.
"The cyberattack also left hundreds of thousands of subscribers of local internet providers across multiple Russian regions without internet access or interactive television," the source added.
The estimated economic damage caused by the DDoS attack on the SPB payment system could reach up to $30 million, the source said.
Since the beginning of the full-scale war, Ukraine has routinely used cyberoperations to disrupt Russia’s war effort, frequently targeting the country’s banking infrastructure, oil refining sector, and classified data networks.
Ukraine’s military intelligence agency reportedly hacked the servers of Russian-installed authorities in occupied Crimea a day earlier, extracting over 100 terabytes of confidential data.
